[ https://issues.apache.org/jira/browse/NIFI-5473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16572176#comment-16572176 ]
ASF subversion and git services commented on NIFI-5473:
-------------------------------------------------------
Commit 57baae9ae28f63877e66cbc178cdd127a82d4841 in nifi's branch
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=57baae9 ]
NIFI-5476 Added logic to check CA certificate signature against additional
certificates.
Moved utility code to TlsHelper.
Added unit tests.
Added command-line parsing for additional CA certificate path.
Added documentation on using the TLS Toolkit to generate and sign certificates
using an externally-signed CA.
Updated toolkit external CA documentation to be inline with additional context
from NIFI-5473.
Cleaned up toolkit documentation.
Improved error message by changing to absolute path.
Added Javadoc to and removed unthrown exception declarations from
TlsHelper#verifyCertificateSignature().
Cleaned up unit tests with utility method.
Fixed checkstyle error.
Support conversion of a PKCS#8 formatted private key automatically to avoid
forcing the user to do that. Also add some log messages for debugging when the
parser fails to parse the appropriate object
Incorporated Peter's contribution for PKCS #8 to PKCS #1 conversion.
Added documentation and refactored methods.
Refactored unit test.
Added RAT exclusion for test resource.
This closes #2935.
Co-authored-by: pepov <[email protected]>
Signed-off-by: Matt Gilman <[email protected]>
> Add documentation for using intermediate CA with TLS toolkit
> ------------------------------------------------------------
>
> Key: NIFI-5473
> URL: https://issues.apache.org/jira/browse/NIFI-5473
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Documentation & Website, Security, Tools and Build
> Affects Versions: 1.7.1
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: certificate, documentation, security, tls, tls-toolkit
> Fix For: 1.8.0
>
>
> With some manual work, the TLS toolkit can be used with a pre-existing
> certificate and private key that has been signed by an organization's
> certificate authority (CA) to sign toolkit-generated certificates. The Admin
> Guide should be improved to cover the necessary steps.
> When the separate "Security Guide" / "Toolkit Guide" is created, this content
> should be migrated there.